This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2017-09-29
when a POST goes wrong and a 500 is returned, is it possible to view a stack trace in the response? Currently I am changing the post to a get because yada will print the stack trace that way
Are you accepting html in your request?
interesting, I can't get route to match with path param like AQMkADU4YmQ0ZDU0LTJkNzUtNGE5MS1hNmIwLTZjNzkyNmVhNGI2NABGAAADgLxKILUg8UycUESZkpzxuQcAX74XcER4HUqZ4ZShQm7AgAAAAgENAAAAX74XcER4HUqZ4ZShQm7AgAABoA7_-QAAAA==
but if I remove the last two equal signs it does match
@macroz I think there's a fairly strict regex in place in bidi to reduce the chance of exploits.
Microsoft Graph API contains IDs like that and this is a DELETE request so makes sense to use a path parameter
@macroz that is because the default bidi regex doesn't match on =, but you can declare the regex explicitly in your path param. See bidi's README
if I declare a path parameter with String schema I would expect it accepts all Strings
It piggy backs on bidi's path parameter logic
All strings? Careful with those injection attacks...
But yes, it does seem like something that needs a better solution
it parses/matches the path so it does have some format, it comes in a Java (/Clojure) String so where is your injection possibility?
If you go on to use that string in html output, sql concatenation, etc.
Just be careful with inputs from requests
yes, but that is in my view an altogether different concern that is mostly solved by the other library where you pass the String into, i.e. PreparedStatement
Sure. I agree. Just be careful
hiccup v1 is one that doesn't. There are others...
That is no great use if the backend isn't also cleaning input.
Great. Yes I will